Ex-employee faces 7 years in prison after hacking into security firm and deleting client data

A US man has been sentenced to seven years in federal prison after being found guilty of an audacious hacking scheme in which he used a Remote Access Trojan (RAT) to covertly delete a slew of sensitive computer files belonging to his former security company employer.

After resigning from Florida-based Navarro Security Group, 29-year-old Jonathan Lee Eubanks repeatedly accessed his former employer’s computer networks in 2013 using hacking tools implanted on a co-worker’s computer, the US Department of Justice (DoJ) revealed on Friday 30 June 2017.

Analysis of the computer logs showed how Eubanks had deleted “all of the files on one of the company’s computer servers”, including databases of client and employee information alongside files necessary for scheduling and tracking employee shifts.

The DoJ said he also re-directed the company’s website so online visitors were instead sent to a competing firm, which was not named in the release. Evidence showed Eubanks used personal email accounts of a former co-worker to send multiple messages accusing the security firm of “illegal practices”.

Weeks later, Eubanks placed a series of online orders for “rifle scopes, survivalist gear and electronics” using credit cards and names stolen from three victims, obtained by hacking into the networks of another company which makes software for private security firms.

Prosecutors in the case recommended a severe sentence as Eubanks was found to have repeatedly lied to the jury when he was testifying during his trial in a Fort Lauderdale court earlier this year. He claimed he knew nothing of the alleged crimes, The Sun Sentinel newspaper reported.

Assistant federal public defender Daryl Wilcox noted in court records that Eubanks had a troubled childhood, with the court also hearing how the defendant admitted to using marijuana, drinking alcohol and taking prescription pain pills during the trial period.

In April, a jury convicted Eubanks of one count of intentionally causing damage to a protected computer without authorisation, one count of access device fraud, and three counts of aggravated identity theft.

Senior US district judge James Cohn handed Eubanks to a total of 84 months in prison. The sentence consisted of 60 months (five years) for intentionally damaging a protected computer and access device fraud, followed by a consecutive term of 24 months in prison for aggravated identity theft.